name - policy name, the parameter should not be null or an empty string. A qualified name should start with a letter or underscore and consist of letters, digits and underscores.

displayName - policy display name, can be either a String value or null.

description - policy description, can be either a String value or null.

rule - PolicyRuleEntry object, the parameter should not be null.

permSets - a list of PermissionSetEntry objects, the parameter should not be null and should contain at least one element.

principals - a list of PrincipalEntry objects, the parameter should not be null and should contain at least one element.

obligations - a list of ObligationEntry objects; if null is passed in, it is ignored.

Returns:

a PolicyEntry object

Throws:

InvalidArgumentException - if the values passed in are invalid, e.g. passing a null value to one of the name, rule, permSets, and principals parameters, or passing an invalid regex for ResourceNameExpression(s), triggers the exception.

Creates a policy with the given parameters. The following restrictions apply:

cs and principals - one or both of these parameters must be specified.
resActs and permissionSetNames - one or both of these parameters must be specified.

A policy also defines a semantic that describes how the principals listed in it should be handled:

PRINCIPAL_AND_SEMANTIC policy applies to a user if the user matches all principals listed in the policy. For example, if the list of principals contains two roles, the user must be a member of both roles for the policy to apply.
PRINCIPAL_OR_SEMANTIC policy applies to a user if the user matches at least one of the principals listed in the policy. For example, if the list of principals contains two roles, the user can be a member of at least one of these roles for the policy to apply.

Parameters:

name - policy name, the parameter should not be null or an empty string. A qualified name should start with a letter or underscore and consist of letters, digits and underscores.

displayName - policy display name, can be either a String value or null.

description - policy description, can be either a String value or null.

rule - PolicyRuleEntry object, the parameter should not be null.

principals - a list of PrincipalEntry objects. If cs is null, then the list of principal entries should contain at least one element.

cs - a CodeSourceEntry object. If principals is null, then the code source entry should be defined.

resActs - a list of ResourceActionsEntry objects. If permissionSetNames is null, then the list of ResourceActionsEntry objects should contain at least one valid element.

permissionSetNames - a list of names of PermissionSetEntry objects. If resActs is null, then the list of permission set names should contain at least one non-null element.

obligations - a list of ObligationEntry objects; if null is passed in, it is ignored.

policySemantic - semantic of the policy that describes how the principals specified in the policy should be handled:

PRINCIPAL_AND_SEMANTIC policy applies to a user if the user matches all principals listed in the policy. For example, if the list of principals contains two roles, the user must be a member of both roles for the policy to apply.

PRINCIPAL_OR_SEMANTIC policy applies to a user if the user matches at least one of the principals listed in the policy. For example, if the list of principals contains two roles, the user can be a member of at least one of these roles for the policy to apply.

Returns:

created PolicyEntry object.

Throws:

InvalidArgumentException - if the values passed in are invalid, e.g. passing a null value to one of the name, rule, permSets, and principals parameters triggers the exception. Also thrown if the policy contains ResourceAction(s) that contain a ResourceNameExpression with an invalid Java regex.
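The argument restrictions and the two principal semantics described above can be checked locally before a policy is submitted. The following is an added example, not code from this API: it does not call the policy store, the class and method names (PolicyPreflight, check, applies) are hypothetical, plain strings stand in for the entry objects, and it assumes Java 9 or later.

```java
import java.util.*;
import java.util.regex.*;

// Added illustration: a local model of the constraints documented for createPolicy.
// All names in this class are hypothetical; strings stand in for the entry objects.
public class PolicyPreflight {
    enum Semantic { PRINCIPAL_AND_SEMANTIC, PRINCIPAL_OR_SEMANTIC }

    // Documented rule: starts with a letter or underscore; letters, digits, underscores only.
    private static final Pattern QUALIFIED_NAME = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    // Returns the violations found; an empty list means the documented rules are met.
    static List<String> check(String name, List<String> principals, String codeSource,
                              List<String> resourceNameExprs, List<String> permissionSetNames) {
        List<String> errors = new ArrayList<>();
        if (name == null || !QUALIFIED_NAME.matcher(name).matches())
            errors.add("name is null, empty or not a qualified name");
        if ((principals == null || principals.isEmpty()) && codeSource == null)
            errors.add("one or both of cs and principals must be specified");
        boolean noRes = resourceNameExprs == null || resourceNameExprs.isEmpty();
        boolean noSets = permissionSetNames == null
                || permissionSetNames.stream().noneMatch(Objects::nonNull);
        if (noRes && noSets)
            errors.add("one or both of resActs and permissionSetNames must be specified");
        if (!noRes) for (String expr : resourceNameExprs) {
            try {
                Pattern.compile(expr); // a resource name expression must be a valid Java regex
            } catch (PatternSyntaxException | NullPointerException e) {
                errors.add("invalid resource name expression: " + expr);
            }
        }
        return errors;
    }

    // AND: the user must hold every listed principal. OR: holding any one is enough.
    static boolean applies(Semantic s, Set<String> policyPrincipals, Set<String> userPrincipals) {
        return s == Semantic.PRINCIPAL_AND_SEMANTIC
                ? userPrincipals.containsAll(policyPrincipals)
                : policyPrincipals.stream().anyMatch(userPrincipals::contains);
    }

    public static void main(String[] args) {
        // Constructed sample values: a policy listing two roles, a user holding one of them.
        Set<String> policy = Set.of("auditor", "finance");
        Set<String> user = Set.of("finance");
        System.out.println("AND applies: " + applies(Semantic.PRINCIPAL_AND_SEMANTIC, policy, user));
        System.out.println("OR applies:  " + applies(Semantic.PRINCIPAL_OR_SEMANTIC, policy, user));
        // A bad name, no principals or code source, and an unclosed character class.
        check("9bad", null, null, List.of("doc[0-9"), null).forEach(System.out::println);
    }
}
```

With the same principal list, the OR semantic grants to every user the AND semantic grants to and to users holding only one of the roles, so the choice of semantic is worth reviewing whenever a role is added to an existing policy.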

deletePolicy

name - the name of the policy to be removed, the parameter should not be null or an empty string. A qualified name should start with a letter or underscore and consist of letters, digits and underscores.

cascading - deletion flag. If the flag is set to false and the Policy is referred to by a PolicySet, PolicyStoreOperationNotAllowedException is thrown. If the flag is set to true and the Policy is referred to by a PolicySet, the Policy is deleted along with the reference in that PolicySet. If that PolicySet has only one Policy reference, the PolicySet is deleted too.

modifyPolicy

Persists a revised in-memory PolicyEntry object. In order to change a policy, you have to apply the changes on an in-memory object, and then pass the object to the method.

Parameters:

policy - a modified policy object

Throws:

InvalidArgumentException - if null is passed in or the policy object lacks any of name, policy rule, permission set, principal. Also thrown if added ResourceAction(s) contain a ResourceNameExpression with an invalid Java regex.

PolicyObjectNotFoundException - if the policy doesn't exist in policy repository, or the policy components used don't exist, including permission set, function used in policy rule, attribute used in policy rule and obligation.

name - policy name, the parameter should not be null or an empty string. A qualified name should start with a letter or underscore and consist of letters, digits and underscores.

displayName - policy display name, can be either a String value or null.

description - policy description, can be either a String value or null.

rule - PolicyRuleEntry object, the parameter should not be null.

permSets - a list of PermissionSetEntry objects, the parameter should not be null and should contain at least one element.

principals - a list of PrincipalEntry objects, the parameter should not be null and should contain at least one element if cs is null.

cs - a CodeSourceEntry object, the parameter should be null if the principals list is not null or empty.

obligations - a list of ObligationEntry objects; if null is passed in, it is ignored.

policySemantic - semantic of the policy. If PolicyEntry.POLICY_SEMANTIC.PRINCIPAL_AND_SEMANTIC is used, a Subject must have all principals in the policy to be granted the specified permission sets. If PolicyEntry.POLICY_SEMANTIC.PRINCIPAL_OR_SEMANTIC is used, a Subject can be granted the permission sets if it has any one of the principals.

Returns:

a PolicyEntry object

Throws:

InvalidArgumentException - if the values passed in are invalid, e.g. passing a null value to one of the name, rule, permSets, and principals parameters triggers the exception. Also thrown if the policy contains ResourceAction(s) that contain a ResourceNameExpression with an invalid Java regex.

name - policy name, the parameter should not be null or an empty string. A qualified name should start with a letter or underscore and consist of letters, digits and underscores.

displayName - policy display name, can be either a String value or null.

description - policy description, can be either a String value or null.

rule - PolicyRuleEntry object, the parameter should not be null.

resActs - a list of ResourceActionsEntry objects, the parameter should not be null and should contain at least one element.

principals - a list of PrincipalEntry objects, the parameter should not be null and should contain at least one element if cs is null.

cs - a CodeSourceEntry object, the parameter should be null if the principals list is not null or empty.

obligations - a list of ObligationEntry objects; if null is passed in, it is ignored.

policySemantic - semantic of the policy. If PolicyEntry.POLICY_SEMANTIC.PRINCIPAL_AND_SEMANTIC is used, a Subject must have all principals in the policy to be granted the specified permission sets. If PolicyEntry.POLICY_SEMANTIC.PRINCIPAL_OR_SEMANTIC is used, a Subject can be granted the permission sets if it has any one of the principals.

Returns:

a PolicyEntry object

Throws:

InvalidArgumentException - if the values passed in are invalid, e.g. passing a null value to one of the name, rule, permSets, and principals parameters triggers the exception. Also thrown if the policy contains ResourceAction(s) that contain a ResourceNameExpression with an invalid Java regex.